S
S
sp9999992020-01-27 10:53:56
Network administration
sp999999, 2020-01-27 10:53:56

How to track external IPs in Windows Terminal Server logs?

The question is simple.
The server is behind a router with NAT and writes the address of the router in the log for all RDP sessions, but you need to track external IP addresses in order to understand which user comes from which addresses.

It is difficult to do monitoring on the router, because. there will be no usernames.

Server - Windows Server 2016
Router - FortiGate 30E

Answer the question

In order to leave comments, you need to log in

1 answer(s)
M
mumische, 2020-01-30
@mumische

The server sees what it writes, you won't do anything on it. You need to look at the settings of the router, lay them out. I'm not strong in FortiGate, but afaik they have two types of publication - virtual ip, when destination nat is used - in this case, the source address will be the address of the client, the second - virtual server, which is inherently a balancer.
Instead of directly publishing a terminal server on the Internet, MS still recommends using RD Gateway.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question